# HG changeset patch # User Marcin Kuzminski # Date 2018-07-02 10:20:44 # Node ID e2835069ca567fefa34d2e343eb127ff06c8a1f2 # Parent 422e7c9bdb79a4c1368c4442f0925c5e907399f2 tests: added tests for permission update views to catch obvious form errors. diff --git a/rhodecode/apps/repo_group/tests/test_repo_groups_permissions.py b/rhodecode/apps/repo_group/tests/test_repo_groups_permissions.py --- a/rhodecode/apps/repo_group/tests/test_repo_groups_permissions.py +++ b/rhodecode/apps/repo_group/tests/test_repo_groups_permissions.py @@ -20,6 +20,8 @@ import pytest +from rhodecode.tests.utils import permission_update_data_generator + def route_path(name, params=None, **kwargs): import urllib @@ -37,13 +39,48 @@ def route_path(name, params=None, **kwar @pytest.mark.usefixtures("app") -class TestRepoGroupsPermissionsView(object): +class TestRepoGroupPermissionsView(object): - def test_edit_repo_group_perms(self, user_util, autologin_user): + def test_edit_perms_view(self, user_util, autologin_user): repo_group = user_util.create_repo_group() + self.app.get( route_path('edit_repo_group_perms', repo_group_name=repo_group.group_name), status=200) - def test_update_permissions(self): - pass + def test_update_permissions(self, csrf_token, user_util): + repo_group = user_util.create_repo_group() + repo_group_name = repo_group.group_name + user = user_util.create_user() + user_id = user.user_id + username = user.username + + # grant new + form_data = permission_update_data_generator( + csrf_token, + default='group.write', + grant=[(user_id, 'group.write', username, 'user')]) + + # recursive flag required for repo groups + form_data.extend([('recursive', u'none')]) + + response = self.app.post( + route_path('edit_repo_group_perms_update', + repo_group_name=repo_group_name), form_data).follow() + + assert 'Repository Group permissions updated' in response + + # revoke given + form_data = permission_update_data_generator( + csrf_token, + default='group.read', + revoke=[(user_id, 'user')]) + + # recursive flag required for repo groups + form_data.extend([('recursive', u'none')]) + + response = self.app.post( + route_path('edit_repo_group_perms_update', + repo_group_name=repo_group_name), form_data).follow() + + assert 'Repository Group permissions updated' in response diff --git a/rhodecode/apps/repository/tests/test_repo_permissions.py b/rhodecode/apps/repository/tests/test_repo_permissions.py new file mode 100644 --- /dev/null +++ b/rhodecode/apps/repository/tests/test_repo_permissions.py @@ -0,0 +1,77 @@ +# -*- coding: utf-8 -*- + +# Copyright (C) 2010-2018 RhodeCode GmbH +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License, version 3 +# (only), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +# This program is dual-licensed. If you wish to learn more about the +# RhodeCode Enterprise Edition, including its added features, Support services, +# and proprietary license terms, please see https://rhodecode.com/licenses/ + +import pytest + +from rhodecode.tests.utils import permission_update_data_generator + + +def route_path(name, params=None, **kwargs): + import urllib + + base_url = { + 'edit_repo_perms': '/{repo_name}/settings/permissions' + # update is the same url + }[name].format(**kwargs) + + if params: + base_url = '{}?{}'.format(base_url, urllib.urlencode(params)) + return base_url + + +@pytest.mark.usefixtures("app") +class TestRepoPermissionsView(object): + + def test_edit_perms_view(self, user_util, autologin_user): + repo = user_util.create_repo() + self.app.get( + route_path('edit_repo_perms', + repo_name=repo.repo_name), status=200) + + def test_update_permissions(self, csrf_token, user_util): + repo = user_util.create_repo() + repo_name = repo.repo_name + user = user_util.create_user() + user_id = user.user_id + username = user.username + + # grant new + form_data = permission_update_data_generator( + csrf_token, + default='repository.write', + grant=[(user_id, 'repository.write', username, 'user')]) + + response = self.app.post( + route_path('edit_repo_perms', + repo_name=repo_name), form_data).follow() + + assert 'Repository permissions updated' in response + + # revoke given + form_data = permission_update_data_generator( + csrf_token, + default='repository.read', + revoke=[(user_id, 'user')]) + + response = self.app.post( + route_path('edit_repo_perms', + repo_name=repo_name), form_data).follow() + + assert 'Repository permissions updated' in response diff --git a/rhodecode/apps/user_group/tests/test_user_groups_permissions.py b/rhodecode/apps/user_group/tests/test_user_groups_permissions.py new file mode 100644 --- /dev/null +++ b/rhodecode/apps/user_group/tests/test_user_groups_permissions.py @@ -0,0 +1,80 @@ +# -*- coding: utf-8 -*- + +# Copyright (C) 2010-2018 RhodeCode GmbH +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License, version 3 +# (only), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +# This program is dual-licensed. If you wish to learn more about the +# RhodeCode Enterprise Edition, including its added features, Support services, +# and proprietary license terms, please see https://rhodecode.com/licenses/ + +import pytest + +from rhodecode.tests.utils import permission_update_data_generator + + +def route_path(name, params=None, **kwargs): + import urllib + from rhodecode.apps._base import ADMIN_PREFIX + + base_url = { + 'edit_user_group_perms': + ADMIN_PREFIX + '/user_groups/{user_group_id}/edit/permissions', + 'edit_user_group_perms_update': + ADMIN_PREFIX + '/user_groups/{user_group_id}/edit/permissions/update', + }[name].format(**kwargs) + + if params: + base_url = '{}?{}'.format(base_url, urllib.urlencode(params)) + return base_url + + +@pytest.mark.usefixtures("app") +class TestUserGroupPermissionsView(object): + + def test_edit_perms_view(self, user_util, autologin_user): + user_group = user_util.create_user_group() + self.app.get( + route_path('edit_user_group_perms', + user_group_id=user_group.users_group_id), status=200) + + def test_update_permissions(self, csrf_token, user_util): + user_group = user_util.create_user_group() + user_group_id = user_group.users_group_id + user = user_util.create_user() + user_id = user.user_id + username = user.username + + # grant new + form_data = permission_update_data_generator( + csrf_token, + default='usergroup.write', + grant=[(user_id, 'usergroup.write', username, 'user')]) + + response = self.app.post( + route_path('edit_user_group_perms_update', + user_group_id=user_group_id), form_data).follow() + + assert 'User Group permissions updated' in response + + # revoke given + form_data = permission_update_data_generator( + csrf_token, + default='usergroup.read', + revoke=[(user_id, 'user')]) + + response = self.app.post( + route_path('edit_user_group_perms_update', + user_group_id=user_group_id), form_data).follow() + + assert 'User Group permissions updated' in response diff --git a/rhodecode/model/repo.py b/rhodecode/model/repo.py --- a/rhodecode/model/repo.py +++ b/rhodecode/model/repo.py @@ -547,14 +547,16 @@ class RepoModel(BaseModel): # this updates also current one if found self.grant_user_permission( repo=repo, user=member_id, perm=perm) - else: # set for user group + elif member_type == 'user_group': # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny( *req_perms)(member_name, user=cur_user): self.grant_user_group_permission( repo=repo, group_name=member_id, perm=perm) - + else: + raise ValueError("member_type must be 'user' or 'user_group' " + "got {} instead".format(member_type)) changes['updated'].append({'type': member_type, 'id': member_id, 'name': member_name, 'new_perm': perm}) @@ -565,13 +567,17 @@ class RepoModel(BaseModel): member_name = User.get(member_id).username self.grant_user_permission( repo=repo, user=member_id, perm=perm) - else: # set for user group + elif member_type == 'user_group': # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny( *req_perms)(member_name, user=cur_user): self.grant_user_group_permission( repo=repo, group_name=member_id, perm=perm) + else: + raise ValueError("member_type must be 'user' or 'user_group' " + "got {} instead".format(member_type)) + changes['added'].append({'type': member_type, 'id': member_id, 'name': member_name, 'new_perm': perm}) # delete permissions @@ -580,13 +586,16 @@ class RepoModel(BaseModel): if member_type == 'user': member_name = User.get(member_id).username self.revoke_user_permission(repo=repo, user=member_id) - else: # set for user group + elif member_type == 'user_group': # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny( *req_perms)(member_name, user=cur_user): self.revoke_user_group_permission( repo=repo, group_name=member_id) + else: + raise ValueError("member_type must be 'user' or 'user_group' " + "got {} instead".format(member_type)) changes['deleted'].append({'type': member_type, 'id': member_id, 'name': member_name, 'new_perm': perm}) diff --git a/rhodecode/model/repo_group.py b/rhodecode/model/repo_group.py --- a/rhodecode/model/repo_group.py +++ b/rhodecode/model/repo_group.py @@ -425,11 +425,14 @@ class RepoGroupModel(BaseModel): member_name = User.get(member_id).username # this updates also current one if found _set_perm_user(obj, user=member_id, perm=perm) - else: # set for user group + elif member_type == 'user_group': member_name = UserGroup.get(member_id).users_group_name if not check_perms or has_group_perm(member_name, user=cur_user): _set_perm_group(obj, users_group=member_id, perm=perm) + else: + raise ValueError("member_type must be 'user' or 'user_group' " + "got {} instead".format(member_type)) changes['updated'].append( {'change_obj': change_obj, 'type': member_type, @@ -441,12 +444,15 @@ class RepoGroupModel(BaseModel): if member_type == 'user': member_name = User.get(member_id).username _set_perm_user(obj, user=member_id, perm=perm) - else: # set for user group + elif member_type == 'user_group': # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or has_group_perm(member_name, user=cur_user): _set_perm_group(obj, users_group=member_id, perm=perm) + else: + raise ValueError("member_type must be 'user' or 'user_group' " + "got {} instead".format(member_type)) changes['added'].append( {'change_obj': change_obj, 'type': member_type, @@ -458,12 +464,15 @@ class RepoGroupModel(BaseModel): if member_type == 'user': member_name = User.get(member_id).username _revoke_perm_user(obj, user=member_id) - else: # set for user group + elif member_type == 'user_group': # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or has_group_perm(member_name, user=cur_user): _revoke_perm_group(obj, user_group=member_id) + else: + raise ValueError("member_type must be 'user' or 'user_group' " + "got {} instead".format(member_type)) changes['deleted'].append( {'change_obj': change_obj, 'type': member_type, diff --git a/rhodecode/model/user_group.py b/rhodecode/model/user_group.py --- a/rhodecode/model/user_group.py +++ b/rhodecode/model/user_group.py @@ -90,13 +90,16 @@ class UserGroupModel(BaseModel): self.grant_user_permission( user_group=user_group, user=member_id, perm=perm ) - else: + elif member_type == 'user_group': # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny( *req_perms)(member_name, user=cur_user): self.grant_user_group_permission( target_user_group=user_group, user_group=member_id, perm=perm) + else: + raise ValueError("member_type must be 'user' or 'user_group' " + "got {} instead".format(member_type)) changes['updated'].append({ 'change_obj': change_obj, @@ -110,13 +113,16 @@ class UserGroupModel(BaseModel): member_name = User.get(member_id).username self.grant_user_permission( user_group=user_group, user=member_id, perm=perm) - else: + elif member_type == 'user_group': # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny( *req_perms)(member_name, user=cur_user): self.grant_user_group_permission( target_user_group=user_group, user_group=member_id, perm=perm) + else: + raise ValueError("member_type must be 'user' or 'user_group' " + "got {} instead".format(member_type)) changes['added'].append({ 'change_obj': change_obj, @@ -129,13 +135,16 @@ class UserGroupModel(BaseModel): if member_type == 'user': member_name = User.get(member_id).username self.revoke_user_permission(user_group=user_group, user=member_id) - else: + elif member_type == 'user_group': # check if we have permissions to alter this usergroup member_name = UserGroup.get(member_id).users_group_name if not check_perms or HasUserGroupPermissionAny( *req_perms)(member_name, user=cur_user): self.revoke_user_group_permission( target_user_group=user_group, user_group=member_id) + else: + raise ValueError("member_type must be 'user' or 'user_group' " + "got {} instead".format(member_type)) changes['deleted'].append({ 'change_obj': change_obj, diff --git a/rhodecode/model/validators.py b/rhodecode/model/validators.py --- a/rhodecode/model/validators.py +++ b/rhodecode/model/validators.py @@ -797,7 +797,7 @@ def ValidPerms(localizer, type_='repo'): obj_type = k[0] obj_id = k[7:] update_type = {'u': 'user', - 'g': 'users_group'}[obj_type] + 'g': 'user_group'}[obj_type] if obj_type == 'u' and safe_int(obj_id) == default_user_id: if str2bool(value.get('repo_private')): @@ -827,7 +827,7 @@ def ValidPerms(localizer, type_='repo'): User.query()\ .filter(User.active == true())\ .filter(User.user_id == member_id).one() - if member_type == 'users_group': + if member_type == 'user_group': UserGroup.query()\ .filter(UserGroup.users_group_active == true())\ .filter(UserGroup.users_group_id == member_id)\ diff --git a/rhodecode/tests/models/test_user_group_permissions_on_repo_groups.py b/rhodecode/tests/models/test_user_group_permissions_on_repo_groups.py --- a/rhodecode/tests/models/test_user_group_permissions_on_repo_groups.py +++ b/rhodecode/tests/models/test_user_group_permissions_on_repo_groups.py @@ -48,7 +48,7 @@ def permissions_setup_func_orig( repo_group = RepoGroup.get_by_group_name(group_name=group_name) if not repo_group: raise Exception('Cannot get group %s' % group_name) - perm_updates = [[test_u2_gr_id, perm, 'users_group']] + perm_updates = [[test_u2_gr_id, perm, 'user_group']] RepoGroupModel().update_permissions(repo_group, perm_updates=perm_updates, recursive=recursive, check_perms=False) diff --git a/rhodecode/tests/utils.py b/rhodecode/tests/utils.py --- a/rhodecode/tests/utils.py +++ b/rhodecode/tests/utils.py @@ -427,3 +427,32 @@ def commit_change( f_path=filename ) return commit + + +def permission_update_data_generator(csrf_token, default=None, grant=None, revoke=None): + if not default: + raise ValueError('Permission for default user must be given') + form_data = [( + 'csrf_token', csrf_token + )] + # add default + form_data.extend([ + ('u_perm_1', default) + ]) + + if grant: + for cnt, (obj_id, perm, obj_name, obj_type) in enumerate(grant, 1): + form_data.extend([ + ('perm_new_member_perm_new{}'.format(cnt), perm), + ('perm_new_member_id_new{}'.format(cnt), obj_id), + ('perm_new_member_name_new{}'.format(cnt), obj_name), + ('perm_new_member_type_new{}'.format(cnt), obj_type), + + ]) + if revoke: + for obj_id, obj_type in revoke: + form_data.extend([ + ('perm_del_member_id_{}'.format(obj_id), obj_id), + ('perm_del_member_type_{}'.format(obj_id), obj_type), + ]) + return form_data